Vice President, Risk and Control - Digital Engineering

Accountable for defining, creating and governing the Digital Engineering Risk and Control strategy in accordance with the wider EMEA Technology IT Risk and Control vision and strategy and risk appetite. Responsible for defining the Digital Engineering Solutions and Services risk appetite and framework in accordance with the overall Technology departments risk appetite and tolerance framework, managing the departments operational, regulatory and financial risk.

Key Responsibilities

• Define and evolve the Digital Engineering Services and Solutions Key Risk Indicators and Controls and govern accordingly.
• Present the department’s risk landscape, providing proactive oversight and prioritisation to ensure timely closure of issues.
• Run the departments Risk/Control/Audit monthly forum committee presenting high‑quality risk reports and insights to Head of Digital Engineering Services and Solutions and the Extended Leadership Team.
• Responsible for providing visibility of the Extended Leaderships Teams EOL roadmap, the departments position and Product Owners remediation plan and progress.
• Primary contact for all risk, control and audit issues across all Digital Engineering Solutions and Services teams.
• Provide assurance over the department’s controls design and effectiveness, ensuring controls are proportionate and embedded in day‑to‑day department activity.
• Provide proactive assurance around risk management through appropriate data‑driven monitoring and through the implementation of structured sampling techniques to validate that controls are functioning as intended before failure.
• Educate and lead the Digital Engineering Staff defining best practice operations and governance in line with industry and company standards.
• Work in partnership with the Digital Engineering Solutions and Services Product and Platform owners, challenging and advising on risk management for new products, processes and change programmes.
• Provide risk‑based decision making, supporting the department to make informed, risk‑based decisions by providing an aggregated view of risk exposures.
• Drive and adhere to strategic direction of accountable pillars, while supporting the rest of the department.
• Responsible for managing Issue Management on behalf of the Digital Engineering Services and Solutions department.
• Handle potential sensitive information relating to Cyber Security events and assessments on behalf of Digital Engineering Services and Solutions.
• Work across all areas of the Digital Engineering Services and Solutions department to ensure the Digital Engineering Control & Governance team provides necessary support services, oversight function and governance capabilities to all other extended leadership teams and stakeholders.
• Responsible for building strong relationships across the Bank and Securities functions, underpinned by trust and the core values of the bank.
• Develop relationships with key stakeholders such as IT Risk & Control, Cyber Security, other technology pillars, Operational Risk, Internal Audit, Compliance and external parties where applicable.
• Oversee Digital Engineering Services and Solutions relationship with IT Risk and 3rd parties for all external audits and assessments.
• Oversee Digital Engineering Services and Solutions relationship with IT Risk for all internal audits which have an Infrastructure or Service Management aspect.
• Ensure strong governance, structures and processes are in place to support effective operational risk and control management across the department.
• Accountable for managing Open Issues on behalf of the Digital Engineering Services and Solutions department, tracking and ensuring proactive remediation and timely support.
• Support Digital Engineering Solutions and Services extended leadership teams with creation/attestation of key controls against the Operational Risk Framework.
• Manage engagement with stakeholders to design, plan and deliver remediation actions for control deficiencies.
• Oversee risk identification and mitigation efforts, ensuring understanding of strategic goals.
• Ensure departments adherence to internal policies and external regulatory requirement.
• Manage complex risk related loss events, conducting root cause analysis, working with Product and Platform owners to develop response plans.
• Perform applicable operational control checks across Infrastructure and engage with other areas of Technology when required.
• Work in partnership with the departments Incident management and Threat and Vulnerability team to detect and address vulnerabilities.
• Ensure that the team operates in a controlled manner in accordance with standards and procedures whilst adhering to all related security and compliance procedures.
• In conjunction with IT Risk, Security and Control, ensure that all regulatory requirements are fully complied with, including SOX assessments and appropriate defences and controls are in place to deal with all cyber risks.
• Execute risk governance across all Digital Engineering Solutions and Services verticals.
• Provide support to Digital Engineering Services and Solutions for pen test findings.
• Produce and manage Digital Engineering Solutions and Services owned Key Risk Indicators.
• Support disaster recovery exercises, ensuring new services are documented and deployed with BCP/DR in mind.
• Provide advisory assistance to IT Risk and Control relating to My Access Live (MaL) and Access Management processes, acting as input into review processes with particular emphasis on Digital Engineering related platforms.
• Input into Incident Management Process where appropriate.
• Support new applications as and when released to the business.
• Escalate potential service issues to management.
• Produce regular risk management data for management.
• Chair the Departments Risk Oversight Committee.
• Lead and champion MUFG’s inclusive, diverse, and values‑led culture while fostering a growth mindset to embrace new technologies, industry advancements, and innovative use cases.
• Ensure appropriate risk awareness training is in place across the department to fulfil current and future requirements.
• Build and nurture strong relationships with internal and external stakeholders, including business teams, to promote collaboration, understand industry’s best practices, and influence positive change across the organization.

Work Experience

• Extensive experience leading and managing risk and control and teams across multiple regions within a regulated environment.
• Extensive proficiency in scenario analysis and developing mitigation strategies.
• Experience representing risk and control on behalf of a large Technology department to an Executive level audience.
• A strong track record of engaging credibly with Executives providing confident challenge and clear, decision‑ready insight.
• Experience of working alongside network, server, database, desktop; asset management and storage functions.
• Experienced in dealing with vendors and third‑party suppliers.
• Strong track record of managing teams and building effective partnerships with peers.
• Experience with comprehensive disaster recovery architecture and operations, including storage area network and redundant, highly available server and network architectures.
• Experience with regulatory compliance issues as they apply to Infrastructure.

Skills and Experience

• Extensive experience leading a risk & control function in a financial services organisation.
• Extensive experience working with Risk Management tools e.g. Open Pages.
• Understanding of the COBIT, NIST 2 framework.
• Extensive experience leading internal audit and external audit bodies.
• Proven track record of managing risk related issues for large departments, through the lifecycle of creation, reporting and remediation.
• Experience with industry‑specific regulatory requirements and their impact on operational risk.
• In‑depth understanding of compliance obligations related to AML, data privacy, cybersecurity and FCA regulations.
• Excellent knowledge of regulations such as SOX and external assessments such as CBEST.
• Extensive prior experience working within Infrastructure environment and high‑level understanding of the environment, platforms and technology.
• Solid understanding of threat & vulnerability management processes and technologies.
• Extensive exposure of Incident Management and Problem management and root cause analysis.
• Proven ability to communicate effectively with Senior Management providing governance oversight.
• Ability to balance strategic goals with practical risk management solutions.
• Interpret and analyze risk data and provide relevant insights.
• Prior experience of managing people and leading a Risk and Control team with line management responsibilities.
• Experience of sitting within a Management Team directly reporting to L2 Management or above.

Personal Requirements

• Excellent communication skills with strong leadership and people management skills to manage a team of technical specialists, inspiring trust and motivation.
• Ability to manage constructive conflict effectively.
• Build strong and lasting relationships across the bank.
• Results driven, with a strong sense of accountability, focused on business outcomes.
• Strong decision‑making skills, with the ability to demonstrate sound judgement.
• A structured and logical approach to work.
• A creative and innovative approach to work.
• Excellent interpersonal skills.
• The ability to manage large workloads and tight deadlines.
• Excellent attention to detail and accuracy.
• A calm approach, with the ability to perform well in a pressurised environment.
• A confident approach, with the ability to provide clear direction to your team.
• Ability to lead a high‑performing team.
• A strategic approach, with the ability to lead and motivate your team.
• Conscientious, methodical and logical approach to work.

Equal Opportunity and EEO Statement

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership. We make our recruitment decisions in a non‑discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.